Website integrated example

This section uses www.linuxaid.com.cn as an example and shows how to build a server like it after installing Red Hat in server mode. The web server runs the following server software: FTP, DNS, WWW, MySQL and Sendmail.

Once the system is installed, the first task is to apply some initial security settings. After installation the default services are all open, so start by turning off the unwanted ones, because these services may pose a threat to system security. The following services should be closed first: finger, talk, ntalk, shell, login, pop3, tftp, linuxconf, ftp, telnet.

These services are started through the inetd process: they do not run directly. Instead, inetd listens on their service ports and, when a request arrives, starts the real service process to handle it. The inetd configuration file /etc/inetd.conf specifies which services inetd starts. To turn a service off, edit this file and put the comment character "#" in front of the corresponding line. For example, to close the finger service, change:

    finger stream tcp nowait nobody /usr/sbin/tcpd in.finger

to:

    #finger stream tcp nowait nobody /usr/sbin/tcpd in.finger

The same measure can be applied to the other services.

Services that are not started from inetd are turned off by command. For example, to stop the sendmail service:

    /etc/rc.d/init.d/sendmail stop

Then make sure it is not started at system start:

    chkconfig --level 12345 sendmail off

You can also use the ntsysv command to set whether a service is started at boot. In general, the server should start only the services it needs, and every unwanted service must be turned off.
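The inetd.conf edit described above can be checked mechanically. The following is an added example, not part of the original article: it lists which of the services named above are still enabled in an inetd.conf-style file and produces a copy with them commented out. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. UNWANTED is the article's list;
# the function names and the sample file are constructed for illustration.
UNWANTED="finger talk ntalk shell login pop3 tftp linuxconf ftp telnet"

# Print the unwanted services that are still enabled (not commented out) in FILE.
enabled_unwanted() {
    awk -v list="$UNWANTED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }    # comments, blanks, malformed lines
        ($1 in bad) { print $1 }
    ' "$1"
}

# Write a copy of FILE to stdout with every enabled unwanted service commented out.
disable_unwanted() {
    awk -v list="$UNWANTED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in bad) { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample in inetd.conf format (service type proto wait user server args).
make_sample() {
    cat > "$1" <<'EOF'
ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd -l -a
#telnet stream tcp nowait root   /usr/sbin/tcpd in.telnetd
finger  stream tcp nowait nobody /usr/sbin/tcpd in.finger
auth    stream tcp nowait nobody /usr/sbin/in.identd in.identd -l -e -o
EOF
}

tmp=$(mktemp) && make_sample "$tmp"
echo "enabled before: $(enabled_unwanted "$tmp" | tr '\n' ' ')"
disable_unwanted "$tmp" > "$tmp.new"     # review the result before installing it
echo "enabled after:  $(enabled_unwanted "$tmp.new" | tr '\n' ' ')"
rm -f "$tmp" "$tmp.new"
```

After the edited file is installed, inetd has to re-read its configuration; the article does this in the FTP section by sending the inetd process a HUP signal.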
You can use the command netstat -l -n to see which services the machine has open:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address    Foreign Address    State
    tcp        0      0 ins:domain       *:*                LISTEN
    tcp        0      0 ns:domain        *:*                LISTEN
    tcp        0      0 www:domain       *:*                LISTEN
    tcp        0      0 *:www            *:*                LISTEN
    tcp        0      0 *:ftp            *:*                LISTEN
    udp        0      0 *:1036           *:*
    udp        0      0 ins:domain       *:*
    udp        0      0 ns:domain        *:*
    udp        0      0 www:domain       *:*
    raw        0      0 *:icmp           *:*                7
    raw        0      0 *:tcp            *:*                7
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags Type State I-Node Path

The output shows that this machine has the DNS, WWW, FTP, 1036, ICMP and TCP ports open. You can look in /etc/services to determine which service belongs to a port that is shown only as a number.

With the telnet service closed, how do you log in to the server to configure it? SSH is recommended here. The Telnet protocol transmits passwords and usernames in clear text, so this information may be eavesdropped in transit. SSH is a substitute for Telnet in which all data transmitted between server and client is encrypted, which improves security.

If a system account should not be allowed to log in to the system and should only be able to change its own password, change its shell by editing the /etc/passwd file. For example, to stop the user ideal from logging in, change:

    ideal:x:500:500:Ideal:/home/ideal:/bin/bash

to:

    ideal:x:500:500:Ideal:/home/ideal:/usr/bin/passwd

After this change the user can only change their own password after logging in. Once the password has been changed, the system disconnects automatically.

23.2 Setting up the DNS server

We first set up the DNS server. Here the IP address of the server www.linuxaid.com.cn is 202.99.11.120. In addition to resolving the zone information of linuxaid.com.cn, it also resolves the zone information of longshine.com.cn. That is, this machine is responsible for resolving the domain name information of both zones.
Here it is assumed that the IP address of www.longshine.com.cn is 202.99.12.120.

Step 1: Edit the existing /etc/resolv.conf file and set it as follows:

    domain linuxaid.com.cn
    nameserver 202.99.11.120

This file defines the local domain name and the default name server. Modify it to suit your own situation.

Step 2: Edit the existing /etc/named.conf file. Its initial content is:

    options {
        directory "/var/named";
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };

Change the content to the following:

    options {
        directory "/var/named";
    };
    zone "." {
        type hint;
        file "named.ca";
    };
    zone "linuxaid.com.cn" {
        type master;
        file "linuxaid.com.cn";
    };
    zone "longshine.com.cn" {
        type master;
        file "longshine.com.cn";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
    };
    zone "12.99.202.in-addr.arpa" {
        type master;
        file "12.99.202";
    };
    zone "11.99.202.in-addr.arpa" {
        type master;
        file "11.99.202";
    };

Here type specifies the nature of the zone: hint refers to the root domain, and master means that this machine is the authoritative primary name server for the zone.
Step 3: Create a file named linuxaid.com.cn in /var/named with the following content:

    @          IN  SOA  ns.linuxaid.com.cn. root.linuxaid.com.cn. (
                        2000080701 ; serial
                        28800      ; refresh
                        7200       ; retry
                        604800     ; expire
                        86400 )    ; default_ttl
    @          IN  A    202.99.11.120
    @          IN  NS   ns.linuxaid.com.cn.
    @          IN  MX   10 mail.linuxaid.com.cn.
    localhost  IN  A    127.0.0.1
    www        IN  A    202.99.11.120
    mail       IN  A    202.99.11.120
    ns         IN  A    202.99.11.120

This file is the zone data file of linuxaid.com.cn. It defines the mapping between the domain names and the IP addresses of the various servers. The line

    @          IN  A    202.99.11.120

defines the IP address that corresponds to the domain name linuxaid.com.cn itself, which is 202.99.11.120. When an ordinary lookup is performed on linuxaid.com.cn (ordinary here meaning as opposed to an MX mail exchanger lookup), the IP address 202.99.11.120 is returned.
Step 4: Create a file named longshine.com.

               ; retry
        604800 ; expire
        86400 ) ; default_ttl
    @          IN  A    202.99.12.120
    @          IN  NS   ns.longshine.com.cn.
    @          IN  MX   10 longshine.com.cn.
    localhost  IN  A    127.0.0.1
    www        IN  A    202.99.12.120
    mail       IN  A    202.99.12.120
    ns         IN  A    202.99.12.120
    ftp        IN  A    202.99.12.120

This file is the zone data file of longshine.com.cn. It defines the mapping between the domain names and the IP addresses of the various servers.

Step 5: Create a file named named.local in the /var/named directory with the following content:

    @  IN  SOA  localhost. root.localhost. (
                1997022700 ; serial
                28800      ; refresh
                14400      ; retry
                3600000    ; expire
                86400 )    ; default_ttl
    @  IN  NS   localhost.
    1  IN  PTR  localhost.

This file defines the reverse lookup information for the local loopback.
Step 5: Create a file called 11.99.202 in the /var/named directory with the following content:

    @    IN  SOA  ns.linuxaid.com.cn. root.linuxaid.com.cn. (
                  2000080501 ; serial
                  28800      ; refresh
                  7200       ; retry
                  604800     ; expire
                  86400 )    ; default_ttl
    @    IN  NS   ns.linuxaid.com.cn.
    ;
    ; Server section
    ;
    120  IN  PTR  www.linuxaid.com.cn.
    120  IN  PTR  mail.linuxaid.com.cn.
    120  IN  PTR  ns.linuxaid.com.cn.
    120  IN  PTR  ftp.linuxaid.com.cn.

This file defines the reverse lookup information for the 202.99.11 network.

Step 6: Create a file called 12.99.202 in the /var/named directory with the following content:

    @    IN  SOA  ns.longshine.com.cn. root.longshine.com.cn. (
                  2000080501 ; serial
                  28800      ; refresh
                  7200       ; retry
                  604800     ; expire
                  86400 )    ; default_ttl
    @    IN  NS   ns.longshine.com.cn.
    ;
    ; Server section
    ;
    120  IN  PTR  www.longshine.com.cn.
    120  IN  PTR  mail.longshine.com.cn.
    120  IN  PTR  ns.longshine.com.cn.
    120  IN  PTR  ftp.longshine.com.cn.

This file defines the reverse lookup information for the 202.99.12 network.

To start the DNS server, use the command:

    ndc start

If the output is "new pid is 2317", the server has started. If the output is an error, check that the configuration files above are set correctly. At this point the command "ps ax | grep named" should output:

    2317 ?      S  0:00 /usr/sbin/named
    2319 pts/0  S  0:00 grep named

The command to stop the DNS server process is: ndc stop.
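The forward and reverse zone files created in the steps above have to agree with each other. The following is an added example, not part of the original article: it reports PTR targets in a reverse zone that have no matching A record in the forward zone. The sample data mirrors the linuxaid.com.cn records shown above, where the reverse zone names ftp.linuxaid.com.cn but the forward zone has no ftp entry; the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. The zone data is a constructed
# sample that mirrors the article's linuxaid.com.cn files; names are hypothetical.

# a_records ORIGIN FILE: print "fqdn ip" for each A record with a relative owner name.
a_records() {
    awk -v o="$1" 'toupper($2) == "IN" && toupper($3) == "A" && $1 != "@" {
        print tolower($1 "." o "."), $4 }' "$2"
}

# ptr_records NET FILE: print "fqdn ip" for each PTR record (NET is e.g. 202.99.11).
ptr_records() {
    awk -v net="$1" 'toupper($2) == "IN" && toupper($3) == "PTR" {
        print tolower($4), net "." $1 }' "$2"
}

# ptr_without_a ORIGIN FWDFILE NET REVFILE: PTR entries with no matching A record.
ptr_without_a() {
    a_sorted=$(mktemp)
    a_records "$1" "$2" | sort > "$a_sorted"
    ptr_records "$3" "$4" | sort | comm -13 "$a_sorted" -
    rm -f "$a_sorted"
}

make_zones() {   # $1 = directory that receives the constructed sample files
    cat > "$1/fwd" <<'EOF'
@          IN  A    202.99.11.120
localhost  IN  A    127.0.0.1
www        IN  A    202.99.11.120
mail       IN  A    202.99.11.120
ns         IN  A    202.99.11.120
EOF
    cat > "$1/rev" <<'EOF'
120  IN  PTR  www.linuxaid.com.cn.
120  IN  PTR  mail.linuxaid.com.cn.
120  IN  PTR  ns.linuxaid.com.cn.
120  IN  PTR  ftp.linuxaid.com.cn.
EOF
}

d=$(mktemp -d) && make_zones "$d"
ptr_without_a linuxaid.com.cn "$d/fwd" 202.99.11 "$d/rev"
rm -rf "$d"
```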
You can also use the command /etc/rc.d/init.d/named start|stop to start or stop the service. If you want the DNS server to start automatically at boot, use the command:

    /sbin/chkconfig --level 35 named on

If you do not want the DNS server to start at boot, use the command:

    /sbin/chkconfig --level 35 named off

Test: after starting the DNS server, test it with the nslookup command:

    [root@www /]# nslookup
    Default Server: ns.linuxaid.com.cn
    Address: 202.99.11.120

    > www
    Server: ns.linuxaid.com.cn
    Address: 202.99.11.120

    Name: www.linuxaid.com.cn
    Address: 202.99.11.120

    > set q=mx
    > linuxaid.com.cn
    Server: ns.linuxaid.com.cn
    Address: 202.99.11.120

    linuxaid.com.cn preference = 10, mail exchanger = mail.linuxaid.com.cn
    linuxaid.com.cn nameserver = ns.linuxaid.com.cn
    mail.linuxaid.com.cn internet address = 202.99.11.120
    ns.linuxaid.com.cn internet address = 202.99.11.120
    > exit

If the test result matches the above, the DNS service has been installed successfully.

19.2 Setting the FTP server

As long as Red Hat was installed in server mode, the FTP server should already be running. On this machine, test it with the command:

    ftp localhost

If the connection succeeds, the FTP server is installed and running normally. If the connection displays:

    ftp: connect: Connection refused
    ftp>

the FTP service is not open. Edit the /etc/inetd.conf file and make sure it contains the following line:

    ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a

If you want to turn off the FTP server, put # at the start of that line to comment it out, then find the process number of the inetd process:

    ps ax | grep inetd
    353 ? S 0:00 inetd

The inetd process number is 353, so running

    kill -HUP 353

turns off the FTP server.

Now consider the following case. There is a directory /www/htdocs/developer, and the user user1 should be able to read the directory but must not be able to Telnet into the system; the home directory of user1 is /utham1. This requirement mainly serves the case where several administrators manage different parts of the website but are not allowed to log in to the site through the Telnet service, only to FTP to it.
This requires adding a group, here called developer:

    /usr/sbin/groupadd developer

Then add user1 to this group:

    /usr/sbin/usermod -g developer user1

Then change the group ownership of /www/htdocs/developer to the developer group:

    chgrp -R developer /www/htdocs/developer

Finally, give the developer group full control of this directory:

    chmod -R 775 /www/htdocs/developer

/www/htdocs/developer now belongs to the developer group and can be fully controlled by the users in that group.

19.3 Installing and setting up the MySQL server

Download the latest version from www.mysql.org; the latest version is 3.23. This section mainly covers installing MySQL from a binary package. First download mysql-3.23.24-beta-pc-linux-gnu-i686.tar.gz from the MySQL homepage into the /usr/src directory, then unpack the release with the command:

    [root@www /]# tar xvfz mysql-3.23.24-beta-pc-linux-gnu-i686.tar.gz

Then use the command "cd mysql-3.23.24-beta" to enter the mysql directory and run:

    [root@www /]# ./scripts/mysql_install_db

This performs the default installation of MySQL. By default it is installed under the /usr/local/mysql directory, which contains all of MySQL's libraries, executables and so on. Next, use the mysql client to test whether MySQL works:

    [root@www /]# mysql -u root
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 61 to server version: 3.23.22-beta
    Type 'help' for help.
    mysql>

MySQL has a root user (note that it has no direct relationship to the system's root user). This database user has read and write permissions on the entire database, and the root user has no password. So the first thing to do is set a password for this user. Enter the following SQL statements at the MySQL prompt:

    update user set password=password('yourpassword') where user='root';
    flush privileges;

This completes the task of adding a password to the root user. Now use the quit command to exit MySQL, then reconnect to the MySQL server; this time you need to specify your password:

    [root@www /]# mysql -u root -pyourpasswd

You can then connect to the MySQL server.
However, it is generally recommended to add a non-root database user, so use the following SQL statement to add a user ideal who has root permissions:

    insert into user values ('localhost','ideal',password('idealsppasswd'),'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');

This completes the task of installing the MySQL server on this system. For the specific permission settings and for how to create databases, create tables and access data, please refer to the MySQL manual, which has very detailed help.

19.4 Setting the WWW server

After Red Hat is installed in server mode, the Apache server is installed by default. Use the command:

    ps ax | grep httpd

to see whether the system's Apache server is running. If it is already running, enter the IP address of the WWW server in a browser on another Windows machine to access Apache's default home page. If Apache has not started, use the command:

    /etc/rc.d/init.d/httpd start

to start the Apache server. If the server starts successfully, test it with the browser on the Windows machine. When Red Hat is installed in server mode, Apache can generally start and run. If it cannot, the most common problem is that the Apache server's httpd.conf is not set properly. In that case edit the ServerName setting in /etc/httpd/conf/httpd.conf. For a server with a formal domain name, ServerName is the server's domain name. Taking www.linuxaid.com.cn as an example:

    ServerName www.linuxaid.com.cn

If the server does not have a formal domain name, set ServerName to the machine's own IP address. Then start the Apache server.
If you want the WWW server to start when the machine starts, use the following command:

    [root@www /]# /usr/sbin/chkconfig --level 35 httpd on

If you do not want the WWW server to start when the machine starts, use the command:

    [root@www /]# /usr/sbin/chkconfig --level 35 httpd off

You may want to create multiple virtual hosts on this machine. Here linuxaid needs two virtual hosts: www.linuxaid.com.cn and forum.linuxaid.com.cn. Because www.linuxaid.com.cn can only be assigned one IP address, name-based virtual hosting is used here.
Edit /etc/httpd/httpd.conf, add the following: NameVirtualHost 210.12.114.130